Alert for real-time risk of theft or loss

ABSTRACT

Devices, methods, systems and a computer readable medium for the provision of alerts to electronic devices in response to real-time, location based analysis of the risk of theft or loss of such devices are provided. A continually updated database of locations of thefts, losses and/or stolen or lost electronic devices is accessed in order to provide the alerts to the electronic devices.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. Provisional PatentApplication No. 61/240,993, filed on Sep. 9, 2009, priority from thefiling date of which is claimed, and which is hereby fully incorporatedby reference.

TECHNICAL FIELD

The present disclosure relates to the protection of electronic devicesfrom loss or theft, and in particular to systems and methods foralerting an owner or legitimate user of an electronic device of the riskof loss or theft thereof.

BACKGROUND

People are often forgetful or distracted in busy or transient spaces,such as airports, taxis, trains, hotels, shopping malls, etc. andthieves often take advantage of this to steal personal electroniccomputing or communications devices. Apart from being stolen, suchdevices are often lost in these busy areas. Since proprietaryinformation is routinely stored on such devices, the need to protectsuch proprietary or sensitive data and to prevent the theft of suchdevices is self-evident.

Laptops, and increasingly other electronic devices such as cell phones,PDAs, smart phones (e.g. Blackberry™, iPhone™), memory sticks, personalmedia devices (e.g. iPod™), gaming devices and personal computers, areoften remotely tracked so that they can be recovered in the event oftheft. Such tracking may be effected by sending location information toa remote storage site or an email server.

While such tracking systems may be effective in the recovery of lost orstolen electronic devices, they do little to help prevent loss or theftin the first place. Accordingly, in an effort to discourage theft,owners of tracked or untracked personal electronic computing andcommunications devices sometimes apply irremovable and/or indeliblewarning stickers to such devices. However, perhaps in part because athief may not see a warning sticker before or during the commission of atheft (and is not likely to return the stolen device to the owner if thethief sees the warning sticker afterwards), these sorts of warningstickers have shown in practice to provide only a limited amount ofprotection against theft.

SUMMARY

This summary is not an extensive overview intended to delineate thescope of the subject matter that is described and claimed herein. Thesummary presents aspects of the subject matter in a simplified form toprovide a basic understanding thereof, as a prelude to the detaileddescription that is presented below. Neither this summary nor thefollowing detailed description purports to define or limit theinvention; the invention is defined only by the claims.

The subject matter described herein provides a system and method for theautomatic provision of alerts to owners and/or legitimate users ofelectronic devices that are at potential risk of loss or theft. Afrequently-updated database of locations of theft incidents, locationsof losses and/or current or recent locations of lost or stolenelectronic devices is used to provide alerts to the owner or legitimateuser when his/her electronic device is detected to be in an elevatedrisk zone for loss or theft. The level of risk of the zone is ideallydetected in real or near-real time.

In embodiments of the disclosed subject matter, an agent in a protectedelectronic device communicates its location, or location specificinformation, at selected intervals to a monitoring center, whichmaintains a database of the location information of previously lost orstolen devices. If the location of the protected electronic device isdetermined to be within a zone of recent loss or theft activity (i.e. anelevated risk zone for loss or theft), the owner or user of theprotected electronic device is alerted.

In some embodiments, alerts can additionally be transmitted from oneprotected device to other protected devices in the same vicinity inorder to provide an enhanced awareness of the risk of theft. In otherembodiments, alerts may additionally or alternatively be transmitted tonon-protected devices (such as, for example, cell phones or the likecarried by the owner or legitimate user of the protected device, ordevices of the sort typically used or monitored by securityorganizations or personnel).

BRIEF DESCRIPTION OF THE DRAWINGS

For a fuller understanding of the nature and advantages of the disclosedsubject matter, as well as the preferred mode of use thereof, referenceshould be made to the following detailed description, read inconjunction with the accompanying drawings. In the drawings, likereference numerals designate like or similar steps or parts.

FIG. 1 is a schematic functional block diagram of a system and methodfor the automatic provision of alerts to owners of electronic devices inaccordance with an embodiment of the disclosed subject matter.

FIG. 2 is a schematic functional block diagram of a system and methodfor the automatic provision of shared alerts to owners of electronicdevices in accordance with alternate embodiments of the disclosedsubject matter.

FIG. 3 is a schematic functional block diagram of a system and methodfor the automatic provision of alerts to owners of proximal electronicdevices in accordance with alternate embodiments of the disclosedsubject matter.

FIG. 4 is a schematic functional block diagram of a system and methodfor the automatic provision of shared alerts to owners of electronicdevices in accordance with alternate embodiments of the disclosedsubject matter.

FIG. 5 is a functional flow diagram schematically representing the alertprovision process of the system and method of FIG. 1.

FIG. 6 is a functional flow diagram schematically representing the alertprovision process of the system and method of FIG. 3.

DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS A. Terminology

Agent—as used herein, is a software, hardware or firmware agent that isideally persistent and stealthy, and that resides in a computer or otherelectronic device. The agent provides servicing functions which requirecommunication with a remote server. The agent is tamper resistant andcan be enabled for supporting and/or providing various services such asdata delete, firewall protection, data encryption, location tracking,message notification, and software deployment and updates. Anillustrative embodiment of an agent is found in the commerciallyavailable product Computrace Agent™. The technology underlying theComputrace Agent™ has been disclosed and patented in the U.S. and othercountries, which patents have been commonly assigned to AbsoluteSoftware Corporation. See, for example, U.S. Pat. Nos. 5,715,174;5,764,892; 5,802,280; 6,244,758; 6,269,392; 6,300,863; and 6,507,914;and related foreign patents. Details of the persistent function of anagent are disclosed in U.S. Patent Application Publication Nos.US2005/0216757 and US2006/0272020. The technical disclosures of thesedocuments are fully incorporated by reference as if fully set forthherein. It is feasible to use an equivalent agent to the ComputraceAgent™, or less preferably an alternative agent with less functionalitycould be used. For the purposes of the present disclosure, the minimumfunctional attribute of the agent is to facilitate communicationsbetween the electronic device and a monitoring center or other remotecomputer or server. Communications may be initiated by the agent, by themonitoring center, or by both.

Host—This is the electronic device to be protected. Examples of a hostinclude a laptop, cell phone, PDA, smart phone (e.g. Blackberry™,iPhone™), memory stick, personal media device (e.g. iPod™), gamingdevice, personal computer, and netbook. The agent resides in the host.

Monitoring Center—This is a guardian server or other computer or serverthat the agent communicates with or sends a message to. It may be anemail server or it may be a distribution of servers or other computers.For example, provided an internet connection is available to the host,an agent may call the monitoring center once a day (or at some otherselected suitable interval) to report the location of the host, downloadsoftware upgrades if there are any and repair any security modules thatare or should be installed on the host. The interval between calls maybe modified (e.g. reduced) if a host moves into a high risk area from alow risk area. In the embodiments disclosed herein, the agent sends hostidentification and location information to remote electronic storagelocated in the monitoring center, and/or any other data desired to betransferred. Communication to the monitoring center may be, for example,via the internet (wired or wireless), via a wired or wireless telephonenetwork, via cable or via satellite. The functions of a monitoringcentre may be incorporated or associated with an electronic socialnetwork server.

The detailed descriptions within are presented largely in terms ofmethods or processes, symbolic representations of operations,functionalities and features of the invention. These method descriptionsand representations are the means used by those skilled in the art tomost effectively convey the substance of their work to others skilled inthe art. A software implemented method or process is here, andgenerally, conceived to be a self-consistent sequence of steps leadingto a desired result. These steps involve physical manipulations ofphysical quantities. Often, but not necessarily, these quantities takethe form of electrical or magnetic signals capable of being stored,transferred, combined, compared, and otherwise manipulated. It will befurther appreciated that the line between hardware, software andfirmware is not always sharp, it being understood by those skilled inthe art that software implemented processes may be embodied in hardware,firmware, or software, in the form of coded instructions such as inmicrocode and/or in stored programming instructions. In general, unlessotherwise indicated, singular elements may be in the plural and viceversa with no loss of generality. The use of the masculine can refer tomasculine, feminine or both. Drawings are not to scale.

B. Exemplary Embodiment

A schematic functional block diagram of a preferred embodiment is shownin FIG. 1. In many parts of the following detailed description, thesubject matter has been explained in relation to stolen devices, but aswould of course be evident to those of skill in the art, it appliesequally as well to devices that are lost or are at risk of being lost.

A host electronic device 10 such as a laptop comprises an agent 4 whichcan communicate regularly, non-periodically, randomly, semi-randomly oraccording to triggers, to monitoring center 20 via the interne 27, viasome other telecommunications network, or via a combination of these.Short Message Service (SMS) messaging can be used for all or some of thecommunications, for example.

The agent 4 is located in electronic memory 2 in the host device 10. Thememory 2 may be divided into different components and/or different typesof memory, and the agent 4 may be resident in more than one portion ofmemory 2. In the device 10, there is also a location device 6, such as aGPS, or an A-GPS device, or some other device performing locationdetermination. The locating device 6 may be a component or moduleseparate from the memory 2 as shown in FIG. 1, or it may be a modulecontained in or partially contained in the memory 2 of the electronicdevice 10. There may be one, two or more locating devices 6, eachoperating on a different principle or one acting as a backup foranother. The electronic device 10 generally contains a processor 1 forprocessing computer readable instructions, such as those forming theagent 4, and reading/writing data to and from the memory 2 via a bus 5.The electronic device 10 also includes an interface 3 to the internet 27or other communication network. It should be appreciated that a device10 that connects to the internet 27 may in some cases be considered partof the internet 27. The link 28 to the internet 27 or telecommunicationsnetwork may be wired or wireless, or both.

The agent 4 sends data, which identifies the host and may includelocation information, to a monitoring center 20 to be stored in remotestorage device(s) 21. Location and/or host identification data mayoptionally be encrypted for privacy reasons. The monitoring center 20may be a server which contains an interface 26 to the network 27, a bus25 via which components internal to the server communicate and aprocessor 24 for processing computer readable instructions in the memory21. Examples of instructions may be those included in one or moreprogram modules 23 for storing and/or encrypting incoming identificationand location data from multiple host devices 10, and for retrieving hostidentification data, host location data and theft records from one ormore databases 22. In some embodiments, the server may be formed frommultiple distinct computers or computing devices that communicate over anetwork.

In the case of theft or loss of a protected electronic device 41, theuser or owner of the device 41 reports it to the monitoring center 20.The monitoring center 20 records location information for the stolendevice 41 in, for example, a database 22. Such a database can store theidentification of a device, its location and the time it was at thatlocation, and optionally encrypt some or all of this information. Theserver 20 also has information relating to the location of other devices11, 12 which are being monitored for security reasons. By selecting fromthe database 22 the details of any other device(s) 12 that are in thesame general area or zone 30 as the stolen device 41, the owner and/oruser of such a device(s) 12 can be alerted to the presence in the zone30 of a lost or stolen device 41, and the possibility that there is athief 42 operating in the zone 30. In this example, devices 10, 11 wouldnot be sent an alert because they are outside the zone 30 in which thereis a lost/stolen device 41.

The thief 42 may have just stolen the device 41, or may have brought thedevice 41 into the area, or the device 41 may be being used or in thepossession of an unwitting purchaser, who, not knowing the device wasstolen, bought it from a thief.

As stolen device(s) 41 can be configured to report their locationfrequently (e.g. every minute, 5 minutes, ¼ hour), the database 22 whichcontains the location details of lost and/or stolen devices 41 iscontinually up-to date, or as up-to-date as possible taking into accountthat the devices 41 must have power and a communication link to themonitoring center 20. As a result, alerts relating to real-time ornear-real-time information may be given to the users of device(s) 12 toindicate to them that they are in an area of elevated risk of theft.

The size of the area that is taken into account for risk assessment canbe varied. It can be varied automatically, or it can be dependent on theprecision at which location coordinates can be detected. A user couldset the size of the risk zone to be taken into account. For example, thesize of the zone to be evaluated could correspond to a single building,such as “ZONE 1” 30, or it could correspond to a site with severalbuildings “ZONE 2” 31, which in the example shown includes an additionalthief 44 with a second stolen device 43.

The size of the zone may be defined as an area within a certain distanceof the device to be alerted. For example, the distance could be 10 m,100 m, 500 m, 2 km, or other distance.

An alert sent to a device 12 may be an audio alert, such as a chime, avoice message or a notification of an SMS message. For example, a textmessage sent as an alert could be: “BEWARE: 1 lost/stolen laptop in thisvicinity” or “BEWARE: 24 devices lost/stolen here in the last 3 days”.In the example shown, the alert given to device 12, where the zone ofinterest is “ZONE 2” 31 could be: “BEWARE: 2 lost/stolen laptops in thisvicinity”. The device can be configured to chime regularly, say every 10seconds, as a constant reminder to the user of the device 12 that thedevice is still within a zone 30, 31 of recent theft activity.

In some embodiments, the alert may additionally or alternatively be sentto a separate electronic device that does not include an agent 4. By wayof example with reference to FIG. 1, if protected electronic device 12is located within zone 30, the owner or legitimate user of protectedelectronic device 12 may be alerted by text message sent to his/hernon-protected cell phone. In further embodiments, the alert mayadditionally or alternatively be sent via text message or otherwise tothe mobile phones of security personnel who are presently in the zone30, whether or not their mobile phones include an agent 4. Securitypersonnel or organizations may also in some embodiments register withthe monitoring center 20 to automatically receive alerts that pertain toparticular geographic regions.

Shared Alerts

In an extension to the exemplary embodiment described above, a protecteddevice 12 shown in FIG. 2 may be configured to share any alerts itreceives with neighboring devices 13, 14, 15. The alert received couldbe a result of a thief 42 having in his possession a stolen device 41which has called into the monitoring center 20 with details of itslocation. The neighboring devices 13, 14, 15 may be connectable to theprotected device 12 via Bluetooth communication links. They may belongto the same person who uses device 12, or different people. A group 50of different people may be connected because they, for example, belongto the same electronic social network managed by a server 51 or they aretethering to gain access to the internet 27. It may happen that somedevice(s) 13 linked together in this way may be outside the risk zone30, but still receive an alert. As it is not essential to define theboundaries of the zone 30 precisely, and since the range of Bluetooth isnot intended to be high, this is of no real consequence.

Proximal Devices

FIG. 3 shows a situation where two devices 12, 16 are in the possessionof the same person 19. Both devices are configured to communicate theirlocation data to the monitoring centre 20 via a network 27. When amonitoring center 20 detects that one or both of the devices 12, 16 arein a high theft risk zone 30, and provided the location determinationmechanism is sensitive enough, say to a resolution of 1 m or 2 m, or insome cases maybe more, then the system can detect the approximateseparation of the two devices 12, 16. The separation can be calculatedfrom time to time in a module 23 in the monitoring center 20, as andwhen the devices 12, 16 send in their location data. If the separationexceeds a certain threshold, say 2 m, then one or both of the devices12, 16 can be instructed to sound an alarm. This would serve to remindthe user to check that one of the devices 12, 16 has not beeninadvertently left behind somewhere.

In another variant of this embodiment, each device 12, 16 could beequipped with an accelerometer for detecting its motion. An example ofsuch an accelerometer is a three-axis accelerometer commonly found insmart phones. By comparing motion data from the two devices, anapproximate separation between the two can be monitored by anapplication running on one or both of the devices, the necessarycommunication between the devices being via Bluetooth 29 or via anothernetwork 27. The application could run when the user is travelling, orcould run only when the user is in an elevated risk zone 30 in order toconserve battery energy. If the separation exceeds a predefineddistance, then an alarm could sound on one or both of the devices 12,16.

FIG. 4 shows a device 41 that has been stolen by a thief 42 in a zone30. The stolen device 41 communicates via Bluetooth to a group of otherdevices 17, 18 that are in the range 52 of the Bluetooth signal. Thedevice 41 is aware that it has been stolen, either by auto-detection, orby being informed by the monitoring center 20 after being reportedstolen by its owner, and transmits an alert and/or a ‘help’ signal tothe other devices 17, 18, where the signal contains descriptiveinformation about the device 41. The descriptive information may beretrieved from the monitoring centre 20, or from a social network server51 via network 27, and may include information uploaded there by theowner of the stolen device 41 prior to travelling. Such descriptiveinformation might, for example, be used to create an alert that reads:“I'm lost! I'm a laptop in a blue shoulder bag with a red maple leaf”.Devices 17, 18 that receive this alert may be used by securitypersonnel, for example in an airport, or they may belong to owners inthe same social network group as the owner of the lost/stolen device 41.Agent 4 does not have to be installed on the devices 17, 18 in order forthem to be capable of receiving the Bluetooth ‘help’ signal alert.

FIG. 5 is a functional flow diagram schematically illustrating steps inthe process that the system of FIG. 1 carries out. In step 60, themonitoring center of the system detects the location of a protectedelectronic device upon receiving location data from the agent located inthe device. A zone around the location of the protected device is thenselected or determined in step 61. The monitoring center of the systemthen retrieves 63 loss and/or theft data 62 for that zone. The theftdata 62 is retrieved 63 from a theft database 22 (FIG. 1). If 65 thetheft data 62 selected for the location in question is above a selectedthreshold (e.g. above zero items lost/stolen, above 1, above 2, etc.)for a selected period of time (e.g. last 24 hours, last week, last 25days, last 2 months, last year, year to date, per week, per month, alltime as covered by the database, all time to the extent that all recordsincluding third party records can be accessed), then the monitoringcenter sends an alert message to the device instructing the device totake action or set of actions 67, which could, for example, be therepeated sounding of an alert chime. The alert message is processed bythe agent and the agent responds by performing or initiating thespecified action(s) 67, and the monitoring center may select the actioncontent based on associated theft data stored in the database 22. Forexample, action(s) 67 may include the display of a text message thatindicates the number of recent thefts, when such thefts were reported,the types of devices stolen, the size or approximate boundaries of thezone, etc. In some embodiments, the monitoring centre may also refrainfrom sending any alert messages to a device that has been reported asstolen.

The threshold, the selected period of time, and/or the zone size may insome embodiments be selected programmatically based on the number ofprotected devices in a given area, or on other selected factors. By wayof example, in an area that includes a high density of monitoredprotected devices, such as in a large office, a higher threshold and/ora smaller zone size may be implemented.

If 65 the theft data 62 is not above a certain threshold, no alertmessage is sent and no action 67 is taken. Whether action 67 is taken ornot, the process next reverts to detecting 60 the location of theprotected electronic device, so that the location is monitored in realtime or near real time, and real time or near real time theft data 62 isalso retrieved, so that current alerts, if any, can be given.

FIG. 6 is a functional flow diagram schematically illustrating steps inthe process the system of FIG. 3 performs. In step 70, the monitoringcenter of the system carries out steps 60 through 65 (FIG. 5) inrelation to at least one proximal protected device A or B (12, 16 inFIG. 3) to detect that one of the two devices A and B are in a theftrisk zone, using theft data 62 that has previously been established inrelation to the location of the devices. The system then detects 71 thekinetics (i.e. state of motion and/or state of rest) of device A, andalso detects 72 the kinetics of device B. The system calculates 73changes in the relative spatial separation between the two devices A andB. If 74 the separation increase beyond a selected threshold, an alertmessage is sent from the monitoring center to one or both proximalprotected devices A and B to cause the sounding 75 thereby of an alertchime. If 74 the separation does not exceed the threshold, no alert issounded. The process then reverts back to detecting 70 whether or notone of the devices is in a high theft risk zone. On first entry into thetheft risk zone, a separation can be assumed (e.g. 1 m) or calculated,or the initial separation can be left out of the analysis and onlychanges in separation can be calculated. FIG. 3 illustrates thesituation where two proximal protected devices 12 and 16 are in thepossession of the same person, but it will of course be readilyunderstood by those of skill in the art without further illustration howthe system and method may be modified to accommodate the situation wherethree or more proximal protected devices are in the possession of thesame person, or where the proximal protected devices are in thepossession of a related set of individuals (such as, for example, afamily or a set of co-workers).

Alternatives and Variations

If the protected device is, for example, a laptop, the specified actionperformed or initiated by the agent in response to the receipt of analert message from the monitoring center may comprise the generation ofa pop-up or a series of pop-ups, which will act as a reminder to thelaptop owner or user to be a little extra vigilant while in thatlocation. The alert action could also, for example, be one or more of asound, a series of sounds, a text message, a telephone call, avibration, a series of vibrations, a light and a series of lights, etc.

The monitoring centre has significant data relating to locations ofstolen devices. This can be used to calculate a time-averaged riskprofile for each location. Data could be made available to a third partywhich then provides location based services to its clients. For example,a third party could be an electronic social network or a map provider.Data provided in this way could be averaged over a week, a month, ayear, or any other timescale, optionally with the most recent theft orloss events given the most weight. Any data supplied can be stripped ofpersonal or identifiable information. Data trends can be calculated toshow whether a location is becoming more or less of a risk, or isremaining stable. Information from such a data source can be fed toreview sites, such as restaurant review sites, hotel review sites,airport review sites, school review sites, city review sites, mallreview sites, entertainment location review site, etc.; in addition,such trend information could be incorporated into the alert actionmessages.

Due to management of large numbers of protected devices calling into amonitoring centre, it may be beneficial to have the alert generationmanaged by a third party. This way, the device need not actually callthe monitoring centre directly. It may be location-aware and have accessto theft-risk data compiled by the monitoring centre, and made availableby the monitoring centre to a third party. As people are likely to beconnected frequently to a social network, it may be more efficient toprovide the alerts to the users of the devices via social networks.Alternatively, Wi-Fi hot spot providers may register to receive an alertwhenever a lost or stolen protected device is determined to be in thevicinity and broadcast this alert to currently connected devices.

Alerts provided to devices may be related to the number of thefts thatgenerally occur in the area, as reported by the owners or users of thedevices. Alerts may be related to the presence of stolen devices in anarea. Alerts may be based on auto-detection of theft. For example, adevice may monitor for triggers of likely theft, such as repeatedincorrect passwords attempts or unusual movements.

Steps in the flowcharts may be performed in a different order to thatillustrated, or they may be combined where shown separately.

The monitoring centre may be a distributed monitoring centre. Forexample, devices to be protected could detect unique informationrelating to their location, such as Wi-Fi signal strengths, beacons,photographs etc. This unique information could be sent directly orindirectly to a server which deduces the location in more meaningfulterms, such as a grid reference or street address, from the uniqueinformation supplied. The more meaningful location information couldthen be provided to another server which retrieves the theft data forthe location in question.

The threshold for providing an alert to the heightened risk of theft maybe defined by the spatial density of thefts. For example, two thefts perweek in a large zone may be below a selected threshold, whereas onetheft per week in a much smaller zone may be above the selectedthreshold.

The present description is of the best presently contemplated mode ofcarrying out the subject matter disclosed and claimed herein. Thedescription is made for the purpose of illustrating the generalprinciples of the subject matter and not be taken in a limiting sense;the subject matter can find utility in a variety of implementationswithout departing from the scope of the disclosure made, as will beapparent to those of skill in the art from an understanding of theprinciples that underlie the subject matter.

We claim:
 1. A computer-implemented method of alerting electronic deviceusers of theft risk, comprising: monitoring the locations of a pluralityof electronic devices, wherein monitoring said locations comprisesreceiving identification and location information reported by saidelectronic devices regarding their current locations; monitoring theftstatuses of the electronic devices, at least some of said theft statusesbeing based on theft events reported by users of the electronic devices;determining, based on the monitored locations and monitored theftstatuses of the electronic devices, that a first electronic device ofsaid plurality of electronic devices is in a high theft risk zone, saiddetermining comprising automatically classifying the zone as currentlyhaving a high theft risk based as least partly on a detected presencewithin the zone of a second electronic device that is reported asstolen; and in response to determining that the first electronic deviceis in the high theft risk zone, causing an alert to be provided to auser of the first electronic device; said method performed automaticallyby a computerized system.
 2. The method of claim 1, wherein the firstelectronic device is a device that is not currently reported as stolen.3. The method of claim 1, wherein the theft statuses of the electronicdevices are based on one or more of theft events reported by users ofthe electronic devices, loss events reported by users of the electronicdevices, and the current location of devices that are reported as lostor stolen.
 4. The method of claim 1, wherein the alert comprises atextual alert message, and the method comprises incorporating, into thetextual alert message, data regarding one or more reported theft eventsassociated with the zone.
 5. The method of claim 4, wherein said dataregarding one or more reported theft events includes data regarding atype of electronic device reported as stolen.
 6. The method of claim 4,wherein said data regarding one or more reported theft events includesan indication of when a reported theft occurred.
 7. The method of claim1, wherein causing an alert to be provided to the user comprisestransmitting an alert message to the first electronic device.
 8. Themethod of claim 1, wherein the presence of the second electronic devicewithin the zone is a recent presence of the second electronic devicewithin the zone.
 9. The method of claim 1, wherein causing an alert tobe provided to the user consists of or comprises transmitting a textmessage to an electronic device of said user other than the firstelectronic device.
 10. Physical computer storage which stores executablecode that directs a computer system to perform the method of claim 1.11. A computer system comprising one or more computing devices, saidcomputer system programmed, via instructions represented in computerstorage, to perform the method of claim
 1. 12. The method of claim 1,wherein the alert is based at least partly on a substantially real timepresence, within the zone, of an electronic device that is reported asstolen.
 13. The method of claim 1, wherein determining that said firstelectronic device is in a high theft risk zone comprises:programmatically determining a territorial zone surrounding the firstelectronic device; retrieving data regarding one or more reported theftevents associated with the zone; and determining whether a number ofsaid reported theft events satisfies a selected threshold.
 14. Themethod of claim 13, wherein determining the territorial zone comprisesselecting a zone size based at least partly on a number of monitoredelectronic devices in an associated area.
 15. The method of claim 13,wherein the territorial zone is selected to correspond to a building.16. The method of claim 1, further comprising, following thedetermination that the first electronic device is located in the hightheft risk zone: monitoring a distance between the first electronicdevice and a third electronic device, said first and third electronicdevices both associated with said user; comparing the distance to athreshold; and causing at least one of the first and third electronicdevices to emit an alarm in response to determining that the distanceexceeds said threshold.
 17. The method of claim 1, wherein the hightheft risk classification of the zone is based further on reportedlocations of theft events.
 18. A first mobile electronic devicecomprising a processor and memory, said first mobile electronic deviceconfigured to alert a user of a real-time risk of theft by at least:transmitting information indicative of a current location of the firstmobile electronic device to a server, receiving information from theserver that identifies the current location as corresponding to anelevated theft risk, said information, received from the server, basedat least partly on a detected presence, within a selected distance ofthe current location, of a second mobile electronic device that isreported as stolen, and in response to receiving said information,outputting an alert to a user of the first mobile electronic device. 19.The mobile electronic device of claim 18, wherein the first device isfurther configured to notify a nearby mobile electronic device otherthan said second device of said theft risk.
 20. Non-transitory computerstorage having stored thereon executable program code that directs acomputer system to at least: monitor locations of mobile electronicdevices, including mobile electronic devices that are reported asstolen; define, based at least partly on the monitored locations of themobile electronic devices that are reported as stolen, a zone in which atheft risk is elevated, wherein the elevated theft risk zone is definedbased at least partly on a detected current or recent location of amobile electronic device that is reported as stolen; detect that amobile electronic device that is not reported as stolen is in said zonein which the theft risk is elevated; and generate an alert in responseto detecting that the mobile electronic device is in said zone.
 21. Thenon-transitory computer storage of claim 20, wherein the zone is definedbased additionally on data regarding locations of reported theft events.22. The non-transitory computer storage of claim 20, wherein the programcode additionally directs the computing system to send the alert to themobile electronic device.
 23. The non-transitory computer storage ofclaim 20, wherein the program code additionally causes the alert to beprovided to a user of the electronic device.
 24. The non-transitorycomputer storage of claim 20, wherein the zone is defined based at leastpartly on data regarding how recently one or more reportedly-stolenmobile electronic devices were in an area associated with said currentlocation.
 25. The non-transitory computer storage of claim 20, whereinthe zone is defined as an area within a selected distance of the mobileelectronic device.